[{"date":"2025-06-30T08:14:29Z","repo":{"name":"gitlab.gwdg.de/subugoe/indexapi","commit":"2bf23aa7917778fda9affce8b157fa0ed3d4c1ed"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'swagger'","Warn: 'force pushes' enabled on branch 'swagger'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'swagger'","Info: 'stale review dismissal' is required to merge on branch 'swagger'","Warn: codeowners review is not required on branch 'swagger'","Info: 'up-to-date branches' is required to merge on branch 'swagger'","Warn: no status checks found to merge onto branch 'swagger'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:30Z","repo":{"name":"gitlab.gwdg.de/subugoe/textgrid-python-sid-api-helm","commit":"e0e1ff6fc7ed6893ef61e8d9fe7ae318b13d1f89"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/20 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:31Z","repo":{"name":"gitlab.gwdg.de/subugoe/sub-website","commit":"e49024252ec6b945263f29ff856531cf09fba616"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.0,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'dev12'","Info: 'force pushes' disabled on branch 'dev12'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'dev12'","Info: 'stale review dismissal' is required to merge on branch 'dev12'","Warn: codeowners review is not required on branch 'dev12'","Info: 'up-to-date branches' is required to merge on branch 'dev12'","Warn: no status checks found to merge onto branch 'dev12'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v2.0 or later: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:8.2-apache to php:8.2-apache@sha256:5c550c885de07d1668d41db30bee3db7514cd06b9e476a0b206ef512a40d22fd","Warn: downloadThenRun not pinned by hash: Dockerfile:48-53","Warn: downloadThenRun not pinned by hash: Dockerfile:48-53","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 2","score":2},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:34Z","repo":{"name":"gitlab.gwdg.de/subugoe/test","commit":"43bb6f7f75610136cd6de471715cd00b2120743f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 2 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/14 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:35Z","repo":{"name":"gitlab.gwdg.de/subugoe/k8s-prod-policy","commit":"b2cce07fef76872b8971496f118bbc3673083c9c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:37Z","repo":{"name":"gitlab.gwdg.de/subugoe/scorecard-chart","commit":"7c5664a84eebc300b023397566956f2da56b540c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/45700/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/45700/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:38Z","repo":{"name":"gitlab.gwdg.de/subugoe/vault-disclosure","commit":"df8e04180b33fa05b3f376dfff3b5b9dc907c359"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/45184/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/28 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: European Union Public License 1.2: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 3 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/45184/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:39Z","repo":{"name":"gitlab.gwdg.de/subugoe/mensabot","commit":"b54202c96b04a421b7042fea265d1a9468990c2a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Warn: 'force pushes' enabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 4 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/24 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3-slim to python:3-slim@sha256:f2fdaec50160418e0c2867ba3e254755edd067171725886d5d303fd7057bbf81","Warn: pipCommand not pinned by hash: Dockerfile:10","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:42Z","repo":{"name":"gitlab.gwdg.de/subugoe/scorecard","commit":"cdac451a4383eedeeca74dfb9228b47e26ed70ea"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 6 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/6 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSES/Apache-2.0.txt:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSES/Apache-2.0.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"20 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:10: pin your Docker image by updating docker.io/python:3.13-alpine to docker.io/python:3.13-alpine@sha256:9b4929a72599b6c6389ece4ecbf415fd1355129f22bb92bb137eea098f05e975","Warn: containerImage not pinned by hash: Dockerfile.dev:5: pin your Docker image by updating docker.io/python:3.13-alpine to docker.io/python:3.13-alpine@sha256:9b4929a72599b6c6389ece4ecbf415fd1355129f22bb92bb137eea098f05e975","Warn: pipCommand not pinned by hash: Dockerfile:27-28","Warn: pipCommand not pinned by hash: Dockerfile:27-28","Warn: pipCommand not pinned by hash: Dockerfile.dev:8-9","Warn: pipCommand not pinned by hash: Dockerfile.dev:8-9","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:44Z","repo":{"name":"gitlab.gwdg.de/subugoe/vault-test","commit":"b159a97805ca6fa27c4711ce463b1e732c87cb71"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/40794/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/3 approved changesets -- score normalized to 3","score":3},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/40794/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:46Z","repo":{"name":"gitlab.gwdg.de/subugoe/kfl-hosting","commit":"1a5c707b6347d8b3e6a1acb38c20d47dcadc4943"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/39455/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/11 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: License:0","Info: FSF or OSI recognized license: Apache License 2.0: License:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/39455/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:47Z","repo":{"name":"gitlab.gwdg.de/subugoe/hannah-arendt-annotation-editor","commit":"ac09e613db702effbacbac8aab0f914a2f16a7e5"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'wip'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:48Z","repo":{"name":"gitlab.gwdg.de/subugoe/haroger","commit":"5e2b225097841863b71420331a5c0c6a096177b4"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":null,"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"internal error: RepoClient.ListLicenses: error during licensesHandler.setup: couldn't parse gitlab repo license url: ","score":-1},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:5","Warn: containerImage not pinned by hash: Dockerfile:19: pin your Docker image by updating docker.io/nginx:1.27.0-alpine to docker.io/nginx:1.27.0-alpine@sha256:208b70eefac13ee9be00e486f79c695b15cef861c680527171a27d253d834be9","Info:   0 out of   2 containerImage dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 3","score":3},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:50Z","repo":{"name":"gitlab.gwdg.de/subugoe/lbs-opac-forms","commit":"3d163c7a7b0bdfdcddb72f1d6713e4754816c532"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:51Z","repo":{"name":"gitlab.gwdg.de/subugoe/i18next-weblate-demo","commit":"a2a485e33f4e40985e62237301e367eee56e5c4e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/22 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:52Z","repo":{"name":"gitlab.gwdg.de/subugoe/gitlab-ci-tmpl","commit":"905fc766571e4f3d7ed5994fe5e273d78d521746"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/34832/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 4/25 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:3.19 to alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/34832/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:14:54Z","repo":{"name":"gitlab.gwdg.de/subugoe/fabian","commit":"08f0922c83494393e230b9a5a5567b36874646a3"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/22 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:14.04 to ubuntu:14.04@sha256:64483f3496c1373bfd55348e88694d1c4d0c9b660dee6bfef5e12f43b9933b30","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:15:08Z","repo":{"name":"gitlab.gwdg.de/subugoe/fwb-daten-test-repository","commit":"bbe6b3b72ad2b8998b55e27d197b9d74a2c99fc0"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:15:51Z","repo":{"name":"gitlab.gwdg.de/subugoe/s3-image-upload-page","commit":"620e1552a6f3b06f3066cc50d0201ef3f67bf8a2"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/8 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:15:52Z","repo":{"name":"gitlab.gwdg.de/subugoe/aac-portal","commit":"dfd942a350a39dfd7e291101618250680fcb7e56"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":["Warn: binary detected: packages/tmpl_fidaac/Tests/libs/BrowserStackLocal:1","Warn: binary detected: vendor/symfony/console/Resources/bin/hiddeninput.exe:1","Warn: binary detected: web/typo3conf/ext/solr/Resources/Private/Solr/configsets/ext_solr_7_5_0/typo3lib/solr-typo3-plugin-2.0.0.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":7},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.1-apache to php:7.1-apache@sha256:70eefcf4372b279101259e905996b7733a87688d0b48625af01b55947836bb1f","Warn: downloadThenRun not pinned by hash: Dockerfile:10-49","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:21Z","repo":{"name":"gitlab.gwdg.de/subugoe/geoleo-portal","commit":"b7a0e310e51e7459f31028c393918024fb1de6d7"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":["Warn: binary detected: typo3_src-7.6.10/vendor/symfony/console/Resources/bin/hiddeninput.exe:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:31Z","repo":{"name":"gitlab.gwdg.de/sub-epu/dini-validator","commit":"d6dfad22e4ff121fa91c7d3d95cb85bee42a4ec3"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/7 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:8.2-apache to php:8.2-apache@sha256:5c550c885de07d1668d41db30bee3db7514cd06b9e476a0b206ef512a40d22fd","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:32Z","repo":{"name":"gitlab.gwdg.de/subugoe/subwww-k8s","commit":"d38b14e65a9715e8122578a30585aeeb70480ee2"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:34Z","repo":{"name":"gitlab.gwdg.de/subugoe/georoc-frontend","commit":"4d995f7e50c6960f0770fc590679b1301d91c910"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e","Info:   0 out of   1 containerImage dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 5","score":5},{"details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:37Z","repo":{"name":"gitlab.gwdg.de/subugoe/thestacks-angular","commit":"1359b6aecec77537f5c8c2b17b1babce75939490"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:4: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e","Warn: containerImage not pinned by hash: Dockerfile.dist:7","Warn: containerImage not pinned by hash: Dockerfile.dist:20: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e","Warn: npmCommand not pinned by hash: Dockerfile.dist:21","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:42Z","repo":{"name":"gitlab.gwdg.de/subugoe/thestacks","commit":"0613157f3b3d006404a27d6ccb4bdce7ac0bed0e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.4,"checks":[{"details":["Warn: binary detected: dspace/solr/ocr/lib/solr-ocrhighlighting-0.7.2.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/8 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:11","Warn: containerImage not pinned by hash: Dockerfile:28","Warn: containerImage not pinned by hash: Dockerfile:50","Warn: containerImage not pinned by hash: Dockerfile.cli:11","Warn: containerImage not pinned by hash: Dockerfile.cli:27","Warn: containerImage not pinned by hash: Dockerfile.cli:48","Warn: containerImage not pinned by hash: Dockerfile.dependencies:10","Warn: containerImage not pinned by hash: Dockerfile.test:13","Warn: containerImage not pinned by hash: Dockerfile.test:30","Warn: containerImage not pinned by hash: Dockerfile.test:52","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-postgres-pgcrypto-curl/Dockerfile:16","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-postgres-pgcrypto/Dockerfile:16","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-shibboleth/Dockerfile:13: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-solr/Dockerfile:15","Info:   0 out of  14 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:46Z","repo":{"name":"gitlab.gwdg.de/subugoe/helmcharts","commit":"6691d5efaffe5b42482e2936f016ee0ece7e1ef9"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/7 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:47Z","repo":{"name":"gitlab.gwdg.de/subugoe/lbs_webadm_htdocs_local","commit":"0899e751037e8e44e559c8217a6f27368557c0e9"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/16 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:48Z","repo":{"name":"gitlab.gwdg.de/subugoe/lbs_opc4_local","commit":"8ef833eb57ad135b93e82640442c55a99c729ab8"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:18:51Z","repo":{"name":"gitlab.gwdg.de/subugoe/lbs_eas_local","commit":"35222d1c85f4fd0927475751402c8ae74c7aabea"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.3,"checks":[{"details":["Warn: binary detected: m-printserver/print-server-1.0-SNAPSHOT (9. April 2015 15:48:50 MESZ).jar:1","Warn: binary detected: m-printserver/print-server-1.0-SNAPSHOT.jar:1","Warn: binary detected: m-printserver/test-files/layout-cli-1.0-SNAPSHOT.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":7},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/27 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:01Z","repo":{"name":"gitlab.gwdg.de/subugoe/dspace7-docker","commit":"d862980060a4f5f0e537b90c9daae19748dde8c8"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile.geoleo:1: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:01a3ee0b5e413cefaaffc6abe68c9c37879ae3cced56a8e088b1649e5b269eee","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-angular/Dockerfile:1: pin your Docker image by updating node:14-bullseye to node:14-bullseye@sha256:c0bff0d29a742f40650d5f0305dd581351c10954e6cb6676fc96f47590b9666e","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-postgres-pgcrypto-curl/Dockerfile:10: pin your Docker image by updating postgres:11 to postgres:11@sha256:5d2aa4a7b5f9bdadeddcf87cf7f90a176737a02a30d917de4ab2e6a329bd2d45","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-postgres-pgcrypto/Dockerfile:10: pin your Docker image by updating postgres:11 to postgres:11@sha256:5d2aa4a7b5f9bdadeddcf87cf7f90a176737a02a30d917de4ab2e6a329bd2d45","Warn: containerImage not pinned by hash: dspace/src/main/docker/dspace-shibboleth/Dockerfile:13: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Info:   0 out of   5 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:05Z","repo":{"name":"gitlab.gwdg.de/subugoe/vault-client-for-gitlab-ci","commit":"a8a7f298ed1029aeb4750ed1e05ab8a37384de8a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/24 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Do What The F*ck You Want To Public License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.io/python:3.9-slim to docker.io/python:3.9-slim@sha256:a40cf9eba2c3ed9226afa9ace504f07ad30fe831343bb1c69f7a6707aadb7c21","Warn: pipCommand not pinned by hash: Dockerfile:8","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:07Z","repo":{"name":"gitlab.gwdg.de/subugoe/argo-cd-workflow","commit":"3347a66b81a945a03a73b3065c767b0830a9fd3e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/29 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","score":1},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:3.16 to alpine:3.16@sha256:452e7292acee0ee16c332324d7de05fa2c99f9994ecc9f0779c602916a672ae4","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:08Z","repo":{"name":"gitlab.gwdg.de/subugoe/argocd-provisioning","commit":"f7fe603a1f621707a89a6ee9203871167d3eb1c0"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":4.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/25915/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 13 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 8/14 approved changesets -- score normalized to 5","score":5},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/25915/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:14Z","repo":{"name":"gitlab.gwdg.de/subugoe/docker-puppet-server","commit":"be615ca49f2bccdb958f8a26204f77733dce4314"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'dev'","Info: 'force pushes' disabled on branch 'dev'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'dev'","Info: 'stale review dismissal' is required to merge on branch 'dev'","Warn: codeowners review is not required on branch 'dev'","Info: 'up-to-date branches' is required to merge on branch 'dev'","Warn: no status checks found to merge onto branch 'dev'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Info: Possibly incomplete results: error parsing shell code: reached ) without matching $(( with )): puppet5/scripts/setup:21","Info: Possibly incomplete results: error parsing shell code: reached ) without matching $(( with )): puppet6/scripts/setup:21","Info: Possibly incomplete results: error parsing shell code: reached ) without matching $(( with )): puppet7/scripts/setup:21","Warn: containerImage not pinned by hash: puppet5/baseimage/Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: puppet6/baseimage/Dockerfile:1: pin your Docker image by updating ubuntu:bionic to ubuntu:bionic@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: puppet7/baseimage/Dockerfile:1: pin your Docker image by updating ubuntu:focal to ubuntu:focal@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: pipCommand not pinned by hash: puppet5/baseimage/Dockerfile:44-46","Warn: pipCommand not pinned by hash: puppet5/baseimage/Dockerfile:44-46","Warn: pipCommand not pinned by hash: puppet6/baseimage/Dockerfile:44-46","Warn: pipCommand not pinned by hash: puppet6/baseimage/Dockerfile:44-46","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:73","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:74","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:75","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:76","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:77","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:78","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:79","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:80","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:81","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:82","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:83","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:84","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:86","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:87","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:89-91","Warn: pipCommand not pinned by hash: puppet7/baseimage/Dockerfile:89-91","Info:   0 out of   3 containerImage dependencies pinned","Info:   0 out of  20 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:16Z","repo":{"name":"gitlab.gwdg.de/subugoe/grobid-helm","commit":"70b307dc256c85f8178f7f1b333f3502e5406486"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/5 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:18Z","repo":{"name":"gitlab.gwdg.de/subugoe/k8s-central-services","commit":"5d7e1a219b4ca940568c9e0db41516d1bbc90a56"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/22768/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/22768/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/13 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/22768/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/22768/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:21Z","repo":{"name":"gitlab.gwdg.de/subugoe/meta","commit":"bd4ae8da3c6e21efc42288a38a76bd1127f47b90"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile/php80-alpine_dockerfile.dockerfile:1: pin your Docker image by updating php:8.0-fpm-alpine to php:8.0-fpm-alpine@sha256:bbf76d84a693fae1e0d2a259db70c9c47f41bd5a6ec3d339ba397939e7875dd8","Warn: downloadThenRun not pinned by hash: Dockerfile/php80-alpine_dockerfile.dockerfile:10-24","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:22Z","repo":{"name":"gitlab.gwdg.de/subugoe/deploy-image","commit":"ae300aa9b5d33a6e01440badef3bb3502de60598"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/11 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating alpine:latest to alpine:latest@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:24Z","repo":{"name":"gitlab.gwdg.de/subugoe/group-runner-check","commit":"6790f90127c7eb0d0634131d5dbc03987f09d505"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/5 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:26Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-qmh-base","commit":"f80a64a054c336c40ac6453ce6ad0f1e62fd2d4a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.0,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-apache-buster to php:7.4-apache-buster@sha256:54ab36b44088c9baa82213e8bbb54802e1c12e620afbfbf64f41e2e9b8f01211","Warn: downloadThenRun not pinned by hash: Dockerfile:8-55","Warn: downloadThenRun not pinned by hash: Dockerfile:8-55","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:27Z","repo":{"name":"gitlab.gwdg.de/subugoe/zvdd-validator","commit":"2d28b497faa4c8f70ae8cd43e18c66e8c2537717"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":["Warn: binary detected: schematron/saxon9he.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/28 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:29Z","repo":{"name":"gitlab.gwdg.de/subugoe/typo3-jkzvdd","commit":"a26f3665d39c06c566ec1a2d24bb41ecb8e9a967"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:30Z","repo":{"name":"gitlab.gwdg.de/subugoe/fwb-importer","commit":"1754eb84f54d4090212cb1a0f3632b510901716d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":["Warn: binary detected: solr/fwb/conf/fwb-solr-mods.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Warn: 'force pushes' enabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:16"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile-compile:1: pin your Docker image by updating gradle:4.4 to gradle:4.4@sha256:6f2195e270a490b30b1d63e90ccc2e9f6a04a4be1fd66527102949fc4b722250","Warn: containerImage not pinned by hash: Dockerfile-importer:1","Warn: containerImage not pinned by hash: gitclone/Dockerfile:1: pin your Docker image by updating debian:8 to debian:8@sha256:32ad5050caffb2c7e969dac873bce2c370015c2256ff984b70c1c08b3a2816a0","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:33Z","repo":{"name":"gitlab.gwdg.de/subugoe/shared-product-configs","commit":"6be7c4aad697ce5f1601d213532a7bfd28c02734"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:19:34Z","repo":{"name":"gitlab.gwdg.de/subugoe/metsimporter","commit":"4415162b5f00e23e788cfc1a98bb81930e4b55af"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":4.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"5 out of 5 merged PRs checked by a CI test -- score normalized to 10","score":10},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 5/26 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: cfg/es6-init/Dockerfile:1: pin your Docker image by updating ubuntu to ubuntu@sha256:b59d21599a2b151e23eea5f6602f4af4d7d31c4e236d22bf0b62b86d2e386b8f","Warn: containerImage not pinned by hash: cfg/es6/Dockerfile:1: pin your Docker image by updating docker.elastic.co/elasticsearch/elasticsearch:6.8.0 to docker.elastic.co/elasticsearch/elasticsearch:6.8.0@sha256:2c77f71d560053fec89564043c7eb2dca5dd3132d85ba1f233fc5db966827446","Warn: containerImage not pinned by hash: cfg/kibana/Dockerfile:1: pin your Docker image by updating docker.elastic.co/kibana/kibana:6.8.0 to docker.elastic.co/kibana/kibana:6.8.0@sha256:6d487c045e9a8e5bc092325185407216881981843210b35ab1166fcaf6f9472b","Warn: containerImage not pinned by hash: collector/Dockerfile:1","Warn: containerImage not pinned by hash: collector/Dockerfile:34: pin your Docker image by updating alpine:3.17 to alpine:3.17@sha256:8fc3dacfb6d69da8d44e42390de777e48577085db99aa4e4af35f483eb08b989","Warn: containerImage not pinned by hash: converter/Dockerfile:1","Warn: containerImage not pinned by hash: converter/Dockerfile:29: pin your Docker image by updating alpine:3.19 to alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377","Warn: containerImage not pinned by hash: docker/s3/Dockerfile:3: pin your Docker image by updating minio/minio to minio/minio@sha256:064117214caceaa8d8a90ef7caa58f2b2aeb316b5156afe9ee8da5b4d83e12c8","Warn: containerImage not pinned by hash: docker/s3/Dockerfile.indexed:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/metsimporter/s3-test:master to docker.gitlab.gwdg.de/subugoe/metsimporter/s3-test:master@sha256:992a793a6f9609a12c787d25fe2c74413371f119999fbe3653b6efa1da82ce77","Warn: containerImage not pinned by hash: docker/search/Dockerfile:1: pin your Docker image by updating docker.elastic.co/elasticsearch/elasticsearch:6.8.21 to docker.elastic.co/elasticsearch/elasticsearch:6.8.21@sha256:a2515ad7b25fb05fec667ad562a07a633fbece9177db84267a1a594f6b732a11","Warn: containerImage not pinned by hash: docker/search/Dockerfile.prepopulated:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/metsimporter/search:master to docker.gitlab.gwdg.de/subugoe/metsimporter/search:master@sha256:8fad686d694b8d05f74d636adbbe2d54cadb7a8d4aaad2a7ace4f77f3295d864","Warn: containerImage not pinned by hash: image_resolver/Dockerfile:1","Warn: containerImage not pinned by hash: image_resolver/Dockerfile:35: pin your Docker image by updating alpine:3.17 to alpine:3.17@sha256:8fc3dacfb6d69da8d44e42390de777e48577085db99aa4e4af35f483eb08b989","Warn: containerImage not pinned by hash: indexer/Dockerfile:1","Warn: containerImage not pinned by hash: indexer/Dockerfile:29: pin your Docker image by updating alpine:3.19 to alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377","Warn: containerImage not pinned by hash: pdfconverter/Dockerfile:1: pin your Docker image by updating vertx/vertx3 to vertx/vertx3@sha256:5c00dd6ea564772d7c94859abbaa2c348c8d6a71937d8b168162b3f97b5a22b6","Warn: containerImage not pinned by hash: web/Dockerfile:1","Warn: containerImage not pinned by hash: web/Dockerfile:32: pin your Docker image by updating alpine:3.19 to alpine:3.19@sha256:e5d0aea7f7d2954678a9a6269ca2d06e06591881161961ea59e974dff3f12377","Warn: goCommand not pinned by hash: collector/Dockerfile:23-26","Warn: goCommand not pinned by hash: image_resolver/Dockerfile:24-27","Info:   0 out of  18 containerImage dependencies pinned","Info:   0 out of   2 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 9 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:04Z","repo":{"name":"gitlab.gwdg.de/subugoe/puppet-as-a-service","commit":"6d844edf3e4219264bd9e6385206f35b3fb33eb8"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/5 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:06Z","repo":{"name":"gitlab.gwdg.de/subugoe/data-migration-tools","commit":"868a7d634b3e92512bc0848538d72e506c033627"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: altimg_uploader/Dockerfile:1","Warn: containerImage not pinned by hash: checkIDsExist/Dockerfile:1: pin your Docker image by updating golang:1.14 to golang:1.14@sha256:1a7173b5b9a3af3e29a5837e0b2027e1c438fd1b83bbee8f221355087ad416d6","Warn: containerImage not pinned by hash: pdf_converter/Dockerfile:1","Warn: containerImage not pinned by hash: pdf_converter_collector/Dockerfile:1","Warn: containerImage not pinned by hash: pdf_converter_collector/Dockerfile:27: pin your Docker image by updating alpine:3.12 to alpine:3.12@sha256:c75ac27b49326926b803b9ed43bf088bc220d22556de1bc5f72d742c91398f69","Warn: containerImage not pinned by hash: uploader/Dockerfile:1","Warn: goCommand not pinned by hash: checkIDsExist/Dockerfile:5","Info:   0 out of   6 containerImage dependencies pinned","Info:   4 out of   5 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 3","score":3},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:44Z","repo":{"name":"gitlab.gwdg.de/fe/technical-reference","commit":"02598f1408480309df3f6d6e85801db15edd113e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.9,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 5 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 5/13 approved changesets -- score normalized to 3","score":3},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Creative Commons Zero v1.0 Universal: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact v2.14.1 not signed: https://gitlab.gwdg.de/fe/technical-reference/uploads/f3a3a107ad819515cf56e28f891a8f90/technical-reference.epub","Warn: release artifact v2.14.0 not signed: https://gitlab.gwdg.de/fe/technical-reference/uploads/db544db71d668fb1a6375ded1d131d42/technical-reference.epub","Warn: release artifact v2.13.0 not signed: https://gitlab.gwdg.de/fe/technical-reference/uploads/c20ab8eb9a280c8bc565e875f6801409/technical-reference.epub","Warn: release artifact v2.12.2 not signed: https://gitlab.gwdg.de/fe/technical-reference/uploads/4f55af033831d9f08eba8ee8ad26dec3/technical-reference.md","Warn: release artifact v2.12.1 not signed: https://gitlab.gwdg.de/fe/technical-reference/uploads/c8402815d336a2d2841e881e44d42061/technical-reference.pdf","Warn: release artifact v2.14.1 does not have provenance: https://gitlab.gwdg.de/fe/technical-reference/uploads/f3a3a107ad819515cf56e28f891a8f90/technical-reference.epub","Warn: release artifact v2.14.0 does not have provenance: https://gitlab.gwdg.de/fe/technical-reference/uploads/db544db71d668fb1a6375ded1d131d42/technical-reference.epub","Warn: release artifact v2.13.0 does not have provenance: https://gitlab.gwdg.de/fe/technical-reference/uploads/c20ab8eb9a280c8bc565e875f6801409/technical-reference.epub","Warn: release artifact v2.12.2 does not have provenance: https://gitlab.gwdg.de/fe/technical-reference/uploads/4f55af033831d9f08eba8ee8ad26dec3/technical-reference.md","Warn: release artifact v2.12.1 does not have provenance: https://gitlab.gwdg.de/fe/technical-reference/uploads/c8402815d336a2d2841e881e44d42061/technical-reference.pdf"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:13Z","repo":{"name":"gitlab.gwdg.de/subugoe/topic-maps","commit":"1e81e8bd924d1675e01ec172f8f560c123861542"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/24 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:15Z","repo":{"name":"gitlab.gwdg.de/subugoe/opac_scan_and_deliver","commit":"ac5b9cc61e45218f52a1891106cebe574db9cd1a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:16Z","repo":{"name":"gitlab.gwdg.de/subugoe/pazpar2-js-client","commit":"1bfc40b985f358b930928599ab4951881a9897ff"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:19Z","repo":{"name":"gitlab.gwdg.de/subugoe/frontend-templating","commit":"e829b618a1ce4b2c7d5291aae0b04593113ebf1f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/13 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:20Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-adw-base","commit":"5c9f63250b0b97cb430c8d4fdddf0d72cd13692d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/14 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-apache-bullseye to php:7.4-apache-bullseye@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d","Warn: downloadThenRun not pinned by hash: Dockerfile:8-55","Warn: downloadThenRun not pinned by hash: Dockerfile:8-55","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:27:17Z","repo":{"name":"gitlab.gwdg.de/subugoe/prometheus-conf","commit":"8dbc3867c75c976605483d058ef3725de8dc7c2c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/15 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:22Z","repo":{"name":"gitlab.gwdg.de/subugoe/gdz-base","commit":"f51117d173334473424a7627e057c13fcac971ab"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/28 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:8.2-fpm-bullseye to php:8.2-fpm-bullseye@sha256:c85308ccb35c4adc92c7da8106daf46f03a332f458a73193a313d62d86d9326b","Warn: downloadThenRun not pinned by hash: Dockerfile:9-70","Warn: downloadThenRun not pinned by hash: Dockerfile:9-70","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:24Z","repo":{"name":"gitlab.gwdg.de/subugoe/sub-docker-sdk","commit":"d81067106836ea17489a612c6fd15d2e70ae7749"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/frontend-lint/Dockerfile:1: pin your Docker image by updating node:18-alpine to node:18-alpine@sha256:8d6421d663b4c28fd3ebc498332f249011d118945588d0a35cb9bc4b8ca09d9e","Warn: containerImage not pinned by hash: docker/php-test/Dockerfile:1: pin your Docker image by updating php:7.4-fpm-alpine3.11 to php:7.4-fpm-alpine3.11@sha256:31e6178fcb5b8d865d3bad1651cea888ea5e9d3272db847d58a89950ec52fe18","Warn: containerImage not pinned by hash: docker/web-maintenance/Dockerfile:1: pin your Docker image by updating nginx:1.16.1-alpine to nginx:1.16.1-alpine@sha256:5057451e461dda671da5e951019ddbff9d96a751fc7d548053523ca1f848c1ad","Warn: containerImage not pinned by hash: examples/geonames/Dockerfile:1: pin your Docker image by updating solr:8.4-slim to solr:8.4-slim@sha256:948e9d6141d8512323d0828050eed53e1a8b07cc28a5bc1f83bf8700ee4f05d3","Warn: containerImage not pinned by hash: tools/k8s-deployer/Dockerfile:1: pin your Docker image by updating alpine:3 to alpine:3@sha256:8a1f59ffb675680d47db6337b49d22281a139e9d709335b492be023728e11715","Warn: downloadThenRun not pinned by hash: docker/php-test/Dockerfile:14-64","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:28Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-oa-network","commit":"6a2e38f11d04faba6a80bfbdcae931de3849ec13"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:30Z","repo":{"name":"gitlab.gwdg.de/subugoe/nlh-solr","commit":"5c9de5735b058476de48170fa1372ec8cf50a54b"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/29 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating solr:6.5.1 to solr:6.5.1@sha256:8da7e6e5780deb1c0200275987de737a2bd9b06a27f7b53cd09dbd84427c19e0","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:32Z","repo":{"name":"gitlab.gwdg.de/subugoe/nlh-base","commit":"2607ed05644b4f1c56505022d689d7a2f4b6675d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 2 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/20 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-fpm to php:7.4-fpm@sha256:3ac7c8c74b2b047c7cb273469d74fc0d59b857aa44043e6ea6a0084372811d5b","Warn: downloadThenRun not pinned by hash: Dockerfile:9-52","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:38Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-sub","commit":"04c47f09ae218a041a179dc1257207a1290cfb80"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/typo3-base:master to docker.gitlab.gwdg.de/subugoe/typo3-base:master@sha256:920b9e838bec72b0c7c66295d7a9e80a3f12592954ed6b566214a70ecc8610de","Warn: containerImage not pinned by hash: build/docker/web/Dockerfile:1: pin your Docker image by updating webdevops/php-apache-dev:7.4 to webdevops/php-apache-dev:7.4@sha256:06e5fee8f1b890af0bba02d54be9f6c228f871c96d5d7ec7775e553c144feffe","Warn: downloadThenRun not pinned by hash: build/docker/web/Dockerfile:3-9","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:41Z","repo":{"name":"gitlab.gwdg.de/subugoe/typo3-base","commit":"94b41b2933b9b05a4940026930f65077d061733f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/17 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-apache to php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d","Warn: downloadThenRun not pinned by hash: Dockerfile:8-66","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:43Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-aac","commit":"07fd12b4b406c41d1e52465ba8505e77cee00780"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":["Warn: binary detected: packages/tmpl_fidaac/Tests/libs/BrowserStackLocal:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:19"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.0-apache to php:7.0-apache@sha256:1d34b2e491a02ba7a8d26478132015e197a5ffea37f0a93b42621d11cfe042cc","Warn: downloadThenRun not pinned by hash: Dockerfile:9-49","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:49Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-typo3","commit":"f691ebe7cecb9916e917c30ebc4ae203c22e324b"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/3 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.2-apache to php:7.2-apache@sha256:4dc0f0115acf8c2f0df69295ae822e49f5ad5fe849725847f15aa0e5802b55f8","Warn: downloadThenRun not pinned by hash: Dockerfile:9-51","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:50Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-qmh","commit":"a8ecd54875e614d3be45d6d740e84867d49ff8e2"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:544"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-apache to php:7.4-apache@sha256:c9d7e608f73832673479770d66aacc8100011ec751d1905ff63fae3fe2e0ca6d","Warn: downloadThenRun not pinned by hash: Dockerfile:10-47","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 3","score":3},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:52Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-leibniz","commit":"38d28adec4639cfd01ed82be1b2c7b61d1e0c22d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/26 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:17"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:10.15.3-jessie to node:10.15.3-jessie@sha256:ab1dc93500c1bc99849838065a131001e51345ccb8c1ee889095b39e027feec8","Warn: npmCommand not pinned by hash: Dockerfile:17-19","Warn: npmCommand not pinned by hash: Dockerfile:17-19","Warn: npmCommand not pinned by hash: Dockerfile:17-19","Warn: npmCommand not pinned by hash: Dockerfile:21-22","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:54Z","repo":{"name":"gitlab.gwdg.de/subugoe/openapi4restxq","commit":"b02ef552c94e424b87e70805f39a0ba5cd41d4bd"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 5 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/23 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD Zero Clause License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:bionic-20190204 to ubuntu:bionic-20190204@sha256:7a47ccc3bbe8a451b500d2b53104868b46d60ee8f5b35a24b41a86077c650210","Warn: downloadThenRun not pinned by hash: Dockerfile:4","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 12 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:55Z","repo":{"name":"gitlab.gwdg.de/subugoe/nlh","commit":"c6c0a83a95ddfb31531a1a8bb865353a49634b49"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/26 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:20:58Z","repo":{"name":"gitlab.gwdg.de/subugoe/theology-inscriptions","commit":"8c925972f266e75232afb453a52b8f8e7b918fd7"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'dev'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/app/Dockerfile:1: pin your Docker image by updating php:7.4-fpm-alpine to php:7.4-fpm-alpine@sha256:0aeb129a60daff2874c5c70fcd9d88cdf3015b4fb4cc7c3f1a32a21e84631036","Warn: containerImage not pinned by hash: docker/app/Dockerfile.dev:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/theology-inscriptions/base:dev to docker.gitlab.gwdg.de/subugoe/theology-inscriptions/base:dev@sha256:4d3f96ccc93bc74462e1550ac41c4b1d999dac9e77675550d6874ec7fd51781a","Warn: containerImage not pinned by hash: docker/app/Dockerfile.prod:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/theology-inscriptions/base:dev to docker.gitlab.gwdg.de/subugoe/theology-inscriptions/base:dev@sha256:4d3f96ccc93bc74462e1550ac41c4b1d999dac9e77675550d6874ec7fd51781a","Warn: containerImage not pinned by hash: docker/search/Dockerfile:1","Warn: containerImage not pinned by hash: docker/search/Dockerfile:10: pin your Docker image by updating docker.elastic.co/elasticsearch/elasticsearch:6.8.21 to docker.elastic.co/elasticsearch/elasticsearch:6.8.21@sha256:a2515ad7b25fb05fec667ad562a07a633fbece9177db84267a1a594f6b732a11","Warn: downloadThenRun not pinned by hash: docker/app/Dockerfile:41-148","Warn: downloadThenRun not pinned by hash: docker/app/Dockerfile:41-148","Warn: downloadThenRun not pinned by hash: docker/app/entrypoint.d/composer-init.sh:129","Info:   0 out of   5 containerImage dependencies pinned","Info:   0 out of   3 downloadThenRun dependencies pinned","Info:   4 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 3","score":3},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:05Z","repo":{"name":"gitlab.gwdg.de/subugoe/manifests","commit":"d30f6b58fa9978d6bb50e58774d810fcff1c0996"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/17 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.2-fpm-alpine3.7 to php:7.2-fpm-alpine3.7@sha256:a990e5ff7b2e5a77ecfa904186d791fe6a0c52a267a607b6a578e6a48d9e1e29","Warn: downloadThenRun not pinned by hash: Dockerfile:15-27","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:08Z","repo":{"name":"gitlab.gwdg.de/subugoe/nlh-app","commit":"f914a63a92df2eadb24fb12bb1eb37b548fb1e95"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:8.2-fpm to php:8.2-fpm@sha256:0c6914a11ea6d8de6ee25ec6129d69f482f5c47f0bab91a7699a36832afd5265","Warn: downloadThenRun not pinned by hash: Dockerfile:10-63","Warn: downloadThenRun not pinned by hash: Dockerfile:10-63","Info:   0 out of   2 downloadThenRun dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 2","score":2},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:12Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-adw","commit":"7dca24388f0c454e2217b1da02ddde35beb925b5"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 4 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/27 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/site-adw-base:master to docker.gitlab.gwdg.de/subugoe/site-adw-base:master@sha256:396467e72fd6e9b789eca8db1e0f519dfd6604d09d2e3189927048a531d1394f","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 7 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:16Z","repo":{"name":"gitlab.gwdg.de/subugoe/DigiZeitExplorer","commit":"c88e261ebc91a8155b1dbf98779618d853f1f088"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/12 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:17Z","repo":{"name":"gitlab.gwdg.de/subugoe/typo3-goobit3-dz","commit":"285180f18b3882c470a8b220eb47ac855d521531"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:18Z","repo":{"name":"gitlab.gwdg.de/subugoe/mindexer-zvdd","commit":"25a18877a06098bfe8348b5c6e6000f5a6fee3fd"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:19Z","repo":{"name":"gitlab.gwdg.de/subugoe/mindexer-gdz","commit":"f3e0b1d70aa3689547b286f82db62a9ff1214077"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:21Z","repo":{"name":"gitlab.gwdg.de/subugoe/mindexer-digizeit","commit":"4a26a92cf6b560d6ba81228461861e2263eebcd4"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:22Z","repo":{"name":"gitlab.gwdg.de/subugoe/lab.sub","commit":"c919c5b2808f1f4ca788263774c81f49a0a2a335"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.0,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 2 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/27 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"4 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 3","score":3},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:12","Warn: containerImage not pinned by hash: Dockerfile:18: pin your Docker image by updating caddy:2-alpine to caddy:2-alpine@sha256:e2e3a089760c453bc51c4e718342bd7032d6714f15b437db7121bfc2de2654a6","Warn: npmCommand not pinned by hash: Dockerfile:16","Info:   0 out of   1 npmCommand dependencies pinned","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:29Z","repo":{"name":"gitlab.gwdg.de/subugoe/gjz18solr-docker","commit":"577bfa8fda0fde783ae6c9b2b85f15b049443a53"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/solr/Dockerfile_solr:27: pin your Docker image by updating solr:5.5 to solr:5.5@sha256:45094b7312daddd2b7fd814586d1be2531a09ef2c30b2f6865de61e06924e0c7","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:31Z","repo":{"name":"gitlab.gwdg.de/subugoe/gdz-app","commit":"621a9a870786440d7477a76d90ed898b5f881753"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/29 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"update tool detected","score":10},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"1 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1","Info:   0 out of   1 containerImage dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 5","score":5},{"details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact 1.6.0 not signed: ","Warn: release artifact 1.2.0 not signed: ","Warn: release artifact 1.6.0 does not have provenance: ","Warn: release artifact 1.2.0 does not have provenance: "],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:33Z","repo":{"name":"gitlab.gwdg.de/subugoe/digizeit-oai","commit":"9d0a89dcdbace3fea26b1a251b731b2723dac67f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/14 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:35Z","repo":{"name":"gitlab.gwdg.de/subugoe/fwb-app","commit":"1f2dfd6997d18e9ea26842dd6db9567e826e9c4d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":4.3,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'develop'","Warn: 'force pushes' enabled on branch 'develop'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'develop'","Info: 'stale review dismissal' is required to merge on branch 'develop'","Warn: codeowners review is not required on branch 'develop'","Info: 'up-to-date branches' is required to merge on branch 'develop'","Warn: no status checks found to merge onto branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Info: detected update tool: RenovateBot: renovate.json:1"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"update tool detected","score":10},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"13 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:8: pin your Docker image by updating php:8.1-fpm-alpine to php:8.1-fpm-alpine@sha256:0ac11fca1c9c79fa035c276e18580f3679f85b224e586e08ac26ef266b30db3d","Warn: downloadThenRun not pinned by hash: Dockerfile:26-41","Info:   0 out of   2 containerImage dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 2","score":2},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact 5.7.8 not signed: ","Warn: release artifact 5.5.0 not signed: ","Warn: release artifact 5.7.8 does not have provenance: ","Warn: release artifact 5.5.0 does not have provenance: "],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:39Z","repo":{"name":"gitlab.gwdg.de/subugoe/jenkins-docker","commit":"ea03e2b5ea7f5e68412c7399c3c353356df1ab45"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/main/Dockerfile_main:29: pin your Docker image by updating jenkins/jenkins:lts to jenkins/jenkins:lts@sha256:f4607803bd1ee4dc91b1695b07d3a04c77b4f575a507ff65375af888e1497662","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:41Z","repo":{"name":"gitlab.gwdg.de/subugoe/quellen","commit":"50ec80221c58a199676f7bc18905b216072bdc8b"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.9,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Info: Project packages its releases by way of GitHub Actions.: gitlabscorecard_flattened_ci.yaml:11"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow detected","score":10},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:7.4-fpm-alpine3.10 to php:7.4-fpm-alpine3.10@sha256:aee59fc9454251f47f292f5a2b503fd2a33263fb115ae979d18d756a016198d7","Warn: downloadThenRun not pinned by hash: Dockerfile:12-25","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:42Z","repo":{"name":"gitlab.gwdg.de/subugoe/checkfolder","commit":"478defe59ab6ec97f7d11f62a21910e780f8c784"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"2 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1","score":1},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating php:8.3-cli-alpine to php:8.3-cli-alpine@sha256:d9220be958b09a6ffe683735c54f890ba08a381df69fff7cdb9636c4327d130c","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:45Z","repo":{"name":"gitlab.gwdg.de/nneuman2/php7-docker","commit":"0c624902bd4980636bf4698a91b077a356961f0d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:46Z","repo":{"name":"gitlab.gwdg.de/subugoe/site-fidmath","commit":"328680d5f3afdcc542e2ccdb7b8e71c8605df1f5"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v3.0 only: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.gitlab.gwdg.de/subugoe/typo3-base:php8 to docker.gitlab.gwdg.de/subugoe/typo3-base:php8@sha256:a1617295dc606b5dbae67b48a0d52830c747d1ced96155efd82ba163cc264dc3","Info:   1 out of   1 npmCommand dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 5","score":5},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:48Z","repo":{"name":"gitlab.gwdg.de/subugoe/fams","commit":"9fc8217c07777bd09799709d71118ed3e5f3e63b"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":["Warn: binary detected: gradle/wrapper/gradle-wrapper.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: GNU Affero General Public License v3.0: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating openjdk:8-jdk-alpine to openjdk:8-jdk-alpine@sha256:94792824df2df33402f201713f932b58cb9de94a0cd524164a0f2283343547b3","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:50Z","repo":{"name":"gitlab.gwdg.de/subugoe/typo3-goobit3-zvdd","commit":"71f0afa6df542c6f48e14a015131836bdb47fb02"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:51Z","repo":{"name":"gitlab.gwdg.de/subugoe/confluence-docker","commit":"73461a4635455652098c25ccf8b8bbd16d63615e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":["Warn: binary detected: docker/main/oracle-java8-server-jre_8u192_amd64.deb:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/19 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/main/Dockerfile_main:29: pin your Docker image by updating ubuntu:18.04 to ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98","Warn: containerImage not pinned by hash: docker/mysql/Dockerfile_mysql:39: pin your Docker image by updating mysql:5.6 to mysql:5.6@sha256:20575ecebe6216036d25dab5903808211f1e9ba63dc7825ac20cb975e34cfcae","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:57Z","repo":{"name":"gitlab.gwdg.de/subugoe/goobi-import","commit":"f81576273040ac97802ec03ed698a440f19c7e4a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/15 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:21:58Z","repo":{"name":"gitlab.gwdg.de/subugoe/idoit-docker","commit":"9b445ee174369fc4cdd4f20f1435da89224fe115"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/10 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/main/Dockerfile_main:29: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: docker/mysql/Dockerfile_mysql:39: pin your Docker image by updating mysql:5.7 to mysql:5.7@sha256:4bc6bc963e6d8443453676cae56536f4b8156d78bae03c0145cbe47c2aad73bb","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:22:03Z","repo":{"name":"gitlab.gwdg.de/subugoe/olmsonline-code","commit":"d0494ad0607dbde0c2c56d76012b8c3eb48f9a51"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":["Warn: binary detected: htdocs/marc21/20110914_m21.iso:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/8 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:22:07Z","repo":{"name":"gitlab.gwdg.de/subugoe/olmsonline-docker","commit":"28853054c35dbbf336a91fdea6c20eddfb78f122"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/29 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/main/Dockerfile_main:29: pin your Docker image by updating ubuntu:12.04 to ubuntu:12.04@sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005","Warn: containerImage not pinned by hash: docker/mysql/Dockerfile_mysql:12: pin your Docker image by updating mysql:5.7 to mysql:5.7@sha256:4bc6bc963e6d8443453676cae56536f4b8156d78bae03c0145cbe47c2aad73bb","Warn: containerImage not pinned by hash: docker/tomcat/Dockerfile_tomcat:29: pin your Docker image by updating ubuntu:12.04 to ubuntu:12.04@sha256:18305429afa14ea462f810146ba44d4363ae76e4c8dfc38288cf73aa07485005","Info:   0 out of   3 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:22:33Z","repo":{"name":"gitlab.gwdg.de/subugoe/nestor-code","commit":"5b146bfedf1164ac3cf0abeb048f09d7c5e320d5"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:25Z","repo":{"name":"gitlab.gwdg.de/subugoe/gdz-oai","commit":"94a5f39c5ee051ed0bc82d607ded0c35b6831423"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/7 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:26Z","repo":{"name":"gitlab.gwdg.de/subugoe/nestor-docker","commit":"90e2552ba2cb7ffb78fe02d925aba860c4c04e6a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/12 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: docker/main/Dockerfile_main:30: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: docker/mysql/Dockerfile_mysql:12: pin your Docker image by updating mysql:5.7 to mysql:5.7@sha256:4bc6bc963e6d8443453676cae56536f4b8156d78bae03c0145cbe47c2aad73bb","Warn: containerImage not pinned by hash: docker/sftp/Dockerfile_sftp:29: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Warn: containerImage not pinned by hash: docker/web/Dockerfile_web:29: pin your Docker image by updating ubuntu:16.04 to ubuntu:16.04@sha256:1f1a2d56de1d604801a9671f301190704c25d604a416f59e03c04f5c6ffee0d6","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:29Z","repo":{"name":"gitlab.gwdg.de/subugoe/website-DARIAH-EU","commit":"e92bb0d01e08ff649e5d71ca23271e4bbc00b145"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.2,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'gh-pages'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:56Z","repo":{"name":"gitlab.gwdg.de/fe/wapcas-python-client","commit":"70c8fca114fd35d627dc05e1cf100e4251929af3"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no dangerous workflow patterns detected","score":10},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/fe/wapcas-python-client/python.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/python.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fe/wapcas-python-client/python.yml/main?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:26","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:27","Warn: pipCommand not pinned by hash: .github/workflows/python.yml:28","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":["Warn: no topLevel permission defined: .github/workflows/python.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"detected GitHub workflow tokens with excessive permissions","score":0},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:57Z","repo":{"name":"gitlab.gwdg.de/fe/wapcas-python-client-generator","commit":"676c44b8a39afa9e710c82c17bfe149e45651867"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository was created in last 90 days."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project was created in last 90 days. please review its contents carefully","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:24:59Z","repo":{"name":"gitlab.gwdg.de/fe/gkfi-website","commit":"08ac5dc3e643dbe70e9b58b9b91cdadd1bd7e6b4"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 5 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/15 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"14 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:3: pin your Docker image by updating node:lts-bookworm to node:lts-bookworm@sha256:0c0734eb7051babbb3e95cd74e684f940552b31472152edf0bb23e54ab44a0d7","Warn: npmCommand not pinned by hash: Dockerfile:28","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:05Z","repo":{"name":"gitlab.gwdg.de/fe/tplenarydae_conferences","commit":"d3ce22448a08a01ddf480e28fffb4ec60229436d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:06Z","repo":{"name":"gitlab.gwdg.de/fe/textplus_2.0","commit":"6ca51026a3941cbfc624a944bb7ed1b9dbbe1f29"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/43203/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/3 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 8","score":8},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/43203/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:07Z","repo":{"name":"gitlab.gwdg.de/fe/fe-support","commit":"0128afd4d654c1fb903bbdadb8994b8cd1885941"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:08Z","repo":{"name":"gitlab.gwdg.de/fe/template-digis-student-project","commit":"b9d04f890c27692337440786f1322874c3116e34"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:10Z","repo":{"name":"gitlab.gwdg.de/fe/wapcas-helm-chart","commit":"fa1cdf67b9782c132848839b32a5284c317a149c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 2 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/9 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 7 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:11Z","repo":{"name":"gitlab.gwdg.de/fe/uncharted-waters","commit":"235000b4fd73c8b22f1f0bcda1b59df924540a84"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/36009/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/14 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":null,"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"internal error: RepoClient.ListLicenses: error during licensesHandler.setup: couldn't parse gitlab repo license url: ","score":-1},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/36009/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:12Z","repo":{"name":"gitlab.gwdg.de/fe/fcs-demonstrator","commit":"328db32848d7ab9a3e0be8ee3062bbbc99dce6be"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/15 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:2: pin your Docker image by updating python:3.11 to python:3.11@sha256:ce3b954c9285a7a145cba620bae03db836ab890b6b9e0d05a3ca522ea00dfbc9","Warn: pipCommand not pinned by hash: Dockerfile:6","Warn: pipCommand not pinned by hash: Dockerfile:7","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   2 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:14Z","repo":{"name":"gitlab.gwdg.de/fe/monapipe2wapcas","commit":"a1d5a9c445e7bbd846e2022ed500fa780ef34868"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 1 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/17 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating python:3.12-slim to python:3.12-slim@sha256:e55523f127124e5edc03ba201e3dbbc85172a2ec40d8651ac752364b23dfd733","Warn: containerImage not pinned by hash: Dockerfile.monaper:1: pin your Docker image by updating jupyter/base-notebook:python-3.8.13 to jupyter/base-notebook:python-3.8.13@sha256:a9cbf18d23e78c23441042501f1a5fa15c3baeae05ccddf6d98dc9624f1d0709","Warn: pipCommand not pinned by hash: Dockerfile:4-5","Warn: pipCommand not pinned by hash: Dockerfile:4-5","Warn: pipCommand not pinned by hash: Dockerfile.monaper:12-14","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:16Z","repo":{"name":"gitlab.gwdg.de/fe/openrefine-helm-chart","commit":"b4c76843b54f55c09997af3e9b7fb8cf4a69a5b6"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/33712/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/29 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"9 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 7","score":7},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.io/openjdk:17-slim-bullseye to docker.io/openjdk:17-slim-bullseye@sha256:aaa3b3cb27e3e520b8f116863d0580c438ed55ecfa0bc126b41f68c3f62f9774","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/33712/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:18Z","repo":{"name":"gitlab.gwdg.de/fe/wapcas","commit":"a0f8750531c031d0000026bc52753439445ffdab"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":4.0,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"5 out of 5 merged PRs checked by a CI test -- score normalized to 10","score":10},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 3/8 approved changesets -- score normalized to 3","score":3},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: European Union Public License 1.2: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"19 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:5: pin your Docker image by updating docker.io/python:3.13-alpine3.21 to docker.io/python:3.13-alpine3.21@sha256:c9a09c45a4bcc618c7f7128585b8dd0d41d0c31a8a107db4c8255ffe0b69375d","Warn: containerImage not pinned by hash: Dockerfile.dev:5: pin your Docker image by updating docker.io/python:3.13-alpine3.21 to docker.io/python:3.13-alpine3.21@sha256:c9a09c45a4bcc618c7f7128585b8dd0d41d0c31a8a107db4c8255ffe0b69375d","Warn: pipCommand not pinned by hash: Dockerfile:21-22","Warn: pipCommand not pinned by hash: Dockerfile:21-22","Warn: pipCommand not pinned by hash: Dockerfile.dev:9-10","Warn: pipCommand not pinned by hash: Dockerfile.dev:9-10","Info:   0 out of   2 containerImage dependencies pinned","Info:   0 out of   4 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 27 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact 0.5.0 not signed: ","Warn: release artifact 0.4.0 not signed: ","Warn: release artifact 0.3.0 not signed: ","Warn: release artifact 0.2.1 not signed: ","Warn: release artifact 0.2.0 not signed: ","Warn: release artifact 0.5.0 does not have provenance: ","Warn: release artifact 0.4.0 does not have provenance: ","Warn: release artifact 0.3.0 does not have provenance: ","Warn: release artifact 0.2.1 does not have provenance: ","Warn: release artifact 0.2.0 does not have provenance: "],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:22Z","repo":{"name":"gitlab.gwdg.de/fe/npm","commit":"a0695ca5f7a4d3c421370bc86786ade3a685da94"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/27465/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/2 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"internal error: error during Releases.setup: GET https://gitlab.gwdg.de/api/v4/projects/27465/releases: 403 {message: 403 Forbidden}: ListReleases failed","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:24Z","repo":{"name":"gitlab.gwdg.de/fe/retrocontext","commit":"fcb82014c1b1d76e0700c0ed5d884c24a5693126"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/3 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:27Z","repo":{"name":"gitlab.gwdg.de/fe/n3-testing","commit":"590ca9a9b6f02a2a541d9e52659e2791ee389f12"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/12 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:29Z","repo":{"name":"gitlab.gwdg.de/fe/sshoc-cae","commit":"ca3df1e54ad8ffea512e280bf87a6c3c0ea027fe"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 2 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/13 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating docker.io/python:3.10 to docker.io/python:3.10@sha256:33f72df2ad8c9f777bf0adb35b9d89c5d62935cee2af1f9c3224fb6f7da1dc6b","Warn: pipCommand not pinned by hash: Dockerfile:4","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 14 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:30Z","repo":{"name":"gitlab.gwdg.de/fe/terraform","commit":"1ef8f8cc2ad89e9b1d8cce29acca985dd8802911"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/3 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:32Z","repo":{"name":"gitlab.gwdg.de/fe/historep","commit":"bc8d335d8586a26781267d449a89f6c74ac19e4d"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":1.6,"checks":[{"details":["Warn: binary detected: historep/target/historep/WEB-INF/lib/aopalliance-repackaged-2.3.0-b10.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/hk2-api-2.3.0-b10.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/hk2-locator-2.3.0-b10.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/hk2-utils-2.3.0-b10.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/javassist-3.18.1-GA.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/javax.annotation-api-1.2.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/javax.inject-2.3.0-b10.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/javax.ws.rs-api-2.0.1.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-client-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-common-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-container-servlet-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-container-servlet-core-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-guava-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/jersey-server-2.13.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/osgi-resource-locator-1.0.1.jar:1","Warn: binary detected: historep/target/historep/WEB-INF/lib/validation-api-1.1.0.Final.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":0},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:39Z","repo":{"name":"gitlab.gwdg.de/fe/rdf-eingabemaske","commit":"1fb04eae897a83fe9a8c6d6d4179240916961a9c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:40Z","repo":{"name":"gitlab.gwdg.de/fe/rdf-anzeige-portlet","commit":"8aedab36c96c58e05a344452f9b6096681a9e66e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/7 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:41Z","repo":{"name":"gitlab.gwdg.de/fe/fe-seach-portlet","commit":"8869a2cd81d0b6555beb79f5a0a63ca68d3bfec2"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/4 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:42Z","repo":{"name":"gitlab.gwdg.de/fe/fe-portal-entwicklung","commit":"1c317b55c4d35db31958354de46159fd8256920c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/23 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:43Z","repo":{"name":"gitlab.gwdg.de/fe/roger-frontend","commit":"c90f0b7bab663f40f09493b57b07ae148d294fe6"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 5 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 3/11 approved changesets -- score normalized to 2","score":2},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":null,"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"internal error: RepoClient.ListLicenses: error during licensesHandler.setup: couldn't parse gitlab repo license url: ","score":-1},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:47Z","repo":{"name":"gitlab.gwdg.de/mine/terraform","commit":"3687a9262f517883a40a203678c96b908984c9d1"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:48Z","repo":{"name":"gitlab.gwdg.de/fe/playground-cluster","commit":"8a3ff5fc47db1938649b7419dfe569de61c4d99a"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/3 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:49Z","repo":{"name":"gitlab.gwdg.de/fe/helmtest","commit":"089a60748c533d1d549671fcc5be9269eb613963"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 6 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 3/11 approved changesets -- score normalized to 2","score":2},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 25 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:51Z","repo":{"name":"gitlab.gwdg.de/fe/cloud-infrastructure","commit":"c82efff344c44889237208bdc50207c22f59082f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 4 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/14 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:53Z","repo":{"name":"gitlab.gwdg.de/fe/sdg","commit":"0ab3635d3066280115b90cf97b298fe0a21b952f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: r.Dockerfile:1: pin your Docker image by updating fedora:34 to fedora:34@sha256:55a74d948c47bb002edff3c7a9a7e864152c686d7c2dc8e3df1ac4d611a20898","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:25:57Z","repo":{"name":"gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration","commit":"f2c8d9a0c6edd139b02f188a921ecda6fdc75cdb"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":9},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact v2.17.1 not signed: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/eeb0b798711a8fc10e9e4b5ac1a6a2a3/CHANGELOG.md","Warn: release artifact v2.17.0 not signed: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/3bed5b719f5edc2eb81ef5390a81a763/CHANGELOG.md","Warn: release artifact v2.16.1 not signed: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/567fe6d02911d6fe86c55739112d8ba6/CHANGELOG.md","Warn: release artifact v2.16.0 not signed: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/65696d54be1315f522252f0c0f18cf47/CHANGELOG.md","Warn: release artifact v2.15.0 not signed: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/47420dd5653e8c428358115d6e8daff3/CHANGELOG.md","Warn: release artifact v2.17.1 does not have provenance: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/eeb0b798711a8fc10e9e4b5ac1a6a2a3/CHANGELOG.md","Warn: release artifact v2.17.0 does not have provenance: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/3bed5b719f5edc2eb81ef5390a81a763/CHANGELOG.md","Warn: release artifact v2.16.1 does not have provenance: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/567fe6d02911d6fe86c55739112d8ba6/CHANGELOG.md","Warn: release artifact v2.16.0 does not have provenance: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/65696d54be1315f522252f0c0f18cf47/CHANGELOG.md","Warn: release artifact v2.15.0 does not have provenance: https://gitlab.gwdg.de/fe/openproject-to-gitlab-issue-migration/uploads/47420dd5653e8c428358115d6e8daff3/CHANGELOG.md"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:00Z","repo":{"name":"gitlab.gwdg.de/fe/rke2-testing","commit":"624400530da16325c53a169bf7e9523cf9411044"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 3 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 1/7 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:02Z","repo":{"name":"gitlab.gwdg.de/fe/roger_archived","commit":"a2d530f2b34c6fcfeeaf7a7f85a5aca2295ca26f"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.9,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'main'","Info: 'force pushes' disabled on branch 'main'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'main'","Info: 'stale review dismissal' is required to merge on branch 'main'","Warn: codeowners review is not required on branch 'main'","Info: 'up-to-date branches' is required to merge on branch 'main'","Warn: no status checks found to merge onto branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 10 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 3/17 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: GNU General Public License v3.0 or later: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:10","Warn: containerImage not pinned by hash: Dockerfile:25: pin your Docker image by updating tomcat:9.0.53-jre11-temurin-focal to tomcat:9.0.53-jre11-temurin-focal@sha256:794ecf6c3cd27ad8b13549250c29ee1eb68bfdc1d2fca50b734819325c0ac8ff","Warn: npmCommand not pinned by hash: Dockerfile:4","Warn: npmCommand not pinned by hash: run.sh:11","Info:   0 out of   3 containerImage dependencies pinned","Info:   1 out of   3 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 1","score":1},{"details":["Warn: 0 commits out of 23 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:06Z","repo":{"name":"gitlab.gwdg.de/fe/discipline-journals","commit":"a035d856dc4c7052a91aed6b968f4bdc3009874b"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.4,"checks":[{"details":["Warn: binary detected: data/done/intermediateSteps/exampleOfExtractionOf_n-gramVocabularyFromPlainText/__pycache__/utils.cpython-37.pyc:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":9},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/10 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: downloadThenRun not pinned by hash: software/BASHscripts/nameTag/analyze-nametag.sh:13","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:37Z","repo":{"name":"gitlab.gwdg.de/fe/shac","commit":"35874e383b2d5a5027bc4ffb2fe27571c0a459d2"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.8,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"internal error: internal error: Client.Repositories.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/17122/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/18 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:12","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: request for pipelines returned error: GET https://gitlab.gwdg.de/api/v4/projects/17122/pipelines: 403 {message: 403 Forbidden}","score":-1},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:38Z","repo":{"name":"gitlab.gwdg.de/fe/factsheets_sshoc_services","commit":"0519bacaaff95ac0f3a4918f05bd83b3d649a758"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.1,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection not enabled on development/release branches","score":0},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating jekyll/jekyll:4.2.0 to jekyll/jekyll:4.2.0@sha256:1ead0631cb82fdbd5950a5eb5b4bfbec5e6e97bb234afc058072e3f32e537751","Warn: npmCommand not pinned by hash: Dockerfile:8-14","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:40Z","repo":{"name":"gitlab.gwdg.de/fe/Python-in-den-Geistes-und-Sozialwissenschaften","commit":"ba5d8570f5b0e3074959e8e3a9863f0df0755b15"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/1 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:41Z","repo":{"name":"gitlab.gwdg.de/fe/sub-forms","commit":"071de8cc2f284218ee2b22911ecdd1df8a30410c"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.5,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: npmCommand not pinned by hash: run.sh:22","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:42Z","repo":{"name":"gitlab.gwdg.de/mgoebel/rc-zeitansage","commit":"fd1f85bc1b153878fc39fa54f8a1ef11dcf72619"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.7,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/24 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:26:48Z","repo":{"name":"gitlab.gwdg.de/fe/dramaSSHOC-usecase","commit":"013f61773c76e31d2f771ae6a5a67898e7e18586"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":2.0,"checks":[{"details":["Warn: binary detected: software/scriptsForAll/pyScripts/__pycache__/plot.cpython-37.pyc:1","Warn: binary detected: software/scriptsForAll/pyScripts/__pycache__/utils.cpython-35.pyc:1","Warn: binary detected: software/scriptsForAll/pyScripts/__pycache__/utils.cpython-37.pyc:1","Warn: binary detected: software/spanish/forTeatroSigloOro/pyScripts/teatroSigloOroSemi-automatischInTEIConvertieren/__pycache__/annotatingTEI_Functions.cpython-35.pyc:1","Warn: binary detected: software/spanish/forTeatroSigloOro/pyScripts/teatroSigloOroSemi-automatischInTEIConvertieren/__pycache__/annotatingTEI_Functions.cpython-37.pyc:1","Warn: binary detected: software/spanish/forTeatroSigloOro/pyScripts/teatroSigloOroSemi-automatischInTEIConvertieren/annotatingTEI_Functions.pyc:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":4},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:27:12Z","repo":{"name":"gitlab.gwdg.de/mbrodhu/classicmayan-tei-parser-tg-lab-plugin","commit":"7208f38fb651e651019909e014335aa5b84e1b78"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":1.6,"checks":[{"details":["Warn: binary detected: externalJars/apache-mime4j-core-0.7.2.jar:1","Warn: binary detected: externalJars/axiom-api-1.2.22.jar:1","Warn: binary detected: externalJars/commons-logging-1.2.jar:1","Warn: binary detected: externalJars/geronimo-activation_1.1_spec-1.1.jar:1","Warn: binary detected: externalJars/geronimo-stax-api_1.0_spec-1.0.1.jar:1","Warn: binary detected: externalJars/jaxen-1.1.6.jar:1","Warn: binary detected: teiparser.core/target/classes/org/classicmayan/tglab/teiparser/core/Activator.class:1","Warn: binary detected: teiparser.core/target/classes/org/classicmayan/tglab/teiparser/core/SampleHandler.class:1","Warn: binary detected: teiparser.feature/target/teiparser.feature-0.0.1-SNAPSHOT-sources-feature.jar:1","Warn: binary detected: teiparser.feature/target/teiparser.feature-0.0.1-SNAPSHOT.jar:1","Warn: binary detected: teiparser.test/target/classes/org/classicmayan/tglab/teiparser/core/ActivatorTest.class:1","Warn: binary detected: teiparser.test/target/teiparser.test-0.0.1-SNAPSHOT-sources.jar:1","Warn: binary detected: teiparser.test/target/teiparser.test-0.0.1-SNAPSHOT.jar:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/77/0/.cp/junit.jar:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/84/0/.cp/libswt-atk-gtk-4629.so:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/84/0/.cp/libswt-cairo-gtk-4629.so:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/84/0/.cp/libswt-gtk-4629.so:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/84/0/.cp/libswt-pi3-gtk-4629.so:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/94/0/.cp/jars/maven-surefire-common-2.17.jar:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/94/0/.cp/jars/surefire-api-2.17.jar:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/94/0/.cp/jars/surefire-booter-2.17.jar:1","Warn: binary detected: teiparser.test/target/work/configuration/org.eclipse.osgi/95/0/.cp/jars/surefire-junit4-2.17.jar:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"binaries present in source code","score":0},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/7 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:27:16Z","repo":{"name":"gitlab.gwdg.de/fe/atom-existdb","commit":"5af5b6c00c7e49700656bdc1316a14b8393f7772"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.0,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'master'","Info: 'force pushes' disabled on branch 'master'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'","Info: 'stale review dismissal' is required to merge on branch 'master'","Warn: codeowners review is not required on branch 'master'","Info: 'up-to-date branches' is required to merge on branch 'master'","Warn: no status checks found to merge onto branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"no pull request found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"no effort to earn an OpenSSF best practices badge detected","score":0},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 0/30 approved changesets -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.md:0","Info: FSF or OSI recognized license: MIT License: LICENSE.md:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":10},{"details":["Warn: Repository is archived."],"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"project is archived","score":0},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"no dependencies found","score":-1},{"details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"no SAST tool detected","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"no releases found","score":-1},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null},{"date":"2025-06-30T08:27:18Z","repo":{"name":"gitlab.gwdg.de/dariah-de/dariah-de-crud-services","commit":"8a1db6e60ea3dee3a4cd41f5a1a775d8eb81592e"},"scorecard":{"commit":"cd152cb6742c5b8f2f3d2b5193b41d9c50905198","version":"v5.1.1"},"score":3.6,"checks":[{"details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#binary-artifacts"},"name":"Binary-Artifacts","reason":"no binaries found in the repo","score":10},{"details":["Info: 'allow deletion' disabled on branch 'develop'","Info: 'force pushes' disabled on branch 'develop'","Info: 'branch protection settings apply to administrators' is required to merge on branch 'develop'","Info: 'stale review dismissal' is required to merge on branch 'develop'","Warn: codeowners review is not required on branch 'develop'","Info: 'up-to-date branches' is required to merge on branch 'develop'","Warn: no status checks found to merge onto branch 'develop'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#branch-protection"},"name":"Branch-Protection","reason":"branch protection is not maximal on development and all release branches","score":4},{"details":null,"documentation":{"short":"Determines if the project runs tests before pull requests are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#ci-tests"},"name":"CI-Tests","reason":"0 out of 4 merged PRs checked by a CI test -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#cii-best-practices"},"name":"CII-Best-Practices","reason":"badge detected: Passing","score":5},{"details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#code-review"},"name":"Code-Review","reason":"Found 2/15 approved changesets -- score normalized to 1","score":1},{"details":null,"documentation":{"short":"Determines if the project has a set of contributors from multiple organizations (e.g., companies).","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#contributors"},"name":"Contributors","reason":"project has 0 contributing companies or organizations -- score normalized to 0","score":0},{"details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dangerous-workflow"},"name":"Dangerous-Workflow","reason":"no workflows found","score":-1},{"details":["Warn: no dependency update tool configurations found"],"documentation":{"short":"Determines if the project uses a dependency update tool.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#dependency-update-tool"},"name":"Dependency-Update-Tool","reason":"no update tool detected","score":0},{"details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#fuzzing"},"name":"Fuzzing","reason":"project is not fuzzed","score":0},{"details":["Info: project has a license file: LICENSE.txt:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#license"},"name":"License","reason":"license file detected","score":9},{"details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#maintained"},"name":"Maintained","reason":"30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10","score":10},{"details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#packaging"},"name":"Packaging","reason":"packaging workflow not detected","score":-1},{"details":["Warn: containerImage not pinned by hash: Dockerfile:4","Warn: containerImage not pinned by hash: Dockerfile:22: pin your Docker image by updating tomcat:10.1-jre17 to tomcat:10.1-jre17@sha256:3d51a8ec8f76d97d4622350a10a1e48283bc4428e0d77725b57083b7e1f95c4d","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#pinned-dependencies"},"name":"Pinned-Dependencies","reason":"dependency not pinned by hash detected -- score normalized to 0","score":0},{"details":["Warn: 0 commits out of 19 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#sast"},"name":"SAST","reason":"SAST tool is not run on all commits -- score normalized to 0","score":0},{"details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#security-policy"},"name":"Security-Policy","reason":"security policy file not detected","score":0},{"details":["Warn: release artifact v12.2.2 not signed: ","Warn: release artifact v12.2.1 not signed: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/37093433771f5e82867af2145d42af20/CHANGELOG.md","Warn: release artifact v12.2.0 not signed: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/7eae98d91b889400c8b360fa7570038a/CHANGELOG.md","Warn: release artifact v12.1.7 not signed: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/2eab10c4d0ff0e60fa7fa6a4bdf88ff5/CHANGELOG.md","Warn: release artifact v12.1.6 not signed: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/f793d5c8602b77385d521d0555099052/CHANGELOG.md","Warn: release artifact v12.2.2 does not have provenance: ","Warn: release artifact v12.2.1 does not have provenance: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/37093433771f5e82867af2145d42af20/CHANGELOG.md","Warn: release artifact v12.2.0 does not have provenance: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/7eae98d91b889400c8b360fa7570038a/CHANGELOG.md","Warn: release artifact v12.1.7 does not have provenance: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/2eab10c4d0ff0e60fa7fa6a4bdf88ff5/CHANGELOG.md","Warn: release artifact v12.1.6 does not have provenance: https://gitlab.gwdg.de/dariah-de/dariah-de-crud-services/uploads/f793d5c8602b77385d521d0555099052/CHANGELOG.md"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#signed-releases"},"name":"Signed-Releases","reason":"Project has not signed or included provenance with any releases.","score":0},{"details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#token-permissions"},"name":"Token-Permissions","reason":"No tokens found","score":-1},{"details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/cd152cb6742c5b8f2f3d2b5193b41d9c50905198/docs/checks.md#vulnerabilities"},"name":"Vulnerabilities","reason":"0 existing vulnerabilities detected","score":10}],"metadata":null}]